
Sophos XGS (19.0.1 MR-1-Build365) WAF different ports

Hello

I have configured a WAF rule as follows:

WAF #1
WAN -> HTTPS Port 443 for domain xyz.xyz
Internal web server port 443

Everything works great, I can reach my internal web server via https://xyz.xyz

So I created a new rule as follows:

WAF #2: WAN -> HTTPS Port 8443 for domain abc.abc
Internal web server port 8443

When I want to open https://abc.abc:8443 I only get the error "connection refused".
But now I also get the same error with the first URL, https://xyz.xyz.

If I disable rule #2, the first one works again.

What is wrong?



  • I had a mistake in capturing. Now the capture works, but the problem is still the same.

    rule#1 -> 

    Ethernet header
    Source MAC address:bc:x
    Destination MAC address: c8:x
    Ethernet type IPv4 (0x800)
     
    IPv4 Header
    Source IP address:185.x
    Destination IP address:94.x
    protocol: TCP
    Header:20 Bytes
    Type of service: 0
    Total length: 52 Bytes
    Identification:27650
    Fragment offset:16384
    Time to live: 118
    Checksum: 39422
     
    TCP Header:
    Source port: 19637
    Destination port: 443
    Flags: SYN
    Sequence number: 1508870166
    Acknowledgement number: 0
    Window: 64240
    Checksum: 17658
    


    is consumed by rule 15 (this is WAF rule #1). Same when rule #2 is active.

    rule#2 ->

    Ethernet header
    Source MAC address:bc:x
    Destination MAC address: c8:x
    Ethernet type IPv4 (0x800)
     
    IPv4 Header
    Source IP address:185.x
    Destination IP address:94.x
    protocol: TCP
    Header:20 Bytes
    Type of service: 0
    Total length: 52 Bytes
    Identification:27693
    Fragment offset:16384
    Time to live: 118
    Checksum: 39379
     
    TCP Header:
    Source port: 1069
    Destination port: 12389
    Flags: SYN
    Sequence number: 507478842
    Acknowledgement number: 0
    Window: 64240
    Checksum: 40804

    is consumed by rule 25 (default drop) WHY?!?

  • Just to be sure: you are using https://hostname:12389, not http://?

    Could you check /log/reverseproxy.log to see whether there is any kind of "Invalid encryption key" message.

  • Hi, it is https://

    I found the problem, but I don't know how this can happen.

    In /log/reverseproxy.log (can I access this only over SSH?) I found the following:

    [Tue Aug 30 09:52:24.597108 2022] [ssl:emerg] [pid 4716:tid 140673883045568] AH02565: Certificate and private key abc.abc:12389:0 from /conf/certificate/abc.abc.pem and /conf/certificate/private/abc.abc.key do not match
    AH00016: Configuration Failed

    This repeats every few seconds, so I believe that's the reason why no site works.

    After re-uploading the same PEM and key file via the web UI, rule #2 works....

    That is confusing. Thank you for your help!
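The log lines above show the failure mode worth monitoring for: a single certificate/key pair that does not match makes the reverse proxy reject its whole configuration (AH02565 followed by AH00016), so every WAF rule on the appliance stops answering, not just the one with the bad certificate. The following is an added example, not code from the thread or from Sophos, that scans reverseproxy.log text for exactly those two Apache mod_ssl message IDs and reports which certificate/key pairs are broken and how often the rejection has repeated. The log sample is constructed from the lines quoted in the thread plus one hypothetical "normal operations" line; the hostnames and paths are placeholders.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample of /log/reverseproxy.log content, modelled on the AH02565 / AH00016
# lines quoted in the thread. The final AH00489 "resuming normal operations" line is a
# hypothetical healthy-restart line added so the parser has something to ignore.
SAMPLE_LOG = """\
[Tue Aug 30 09:52:24.597108 2022] [ssl:emerg] [pid 4716:tid 140673883045568] AH02565: Certificate and private key abc.abc:12389:0 from /conf/certificate/abc.abc.pem and /conf/certificate/private/abc.abc.key do not match
AH00016: Configuration Failed
[Tue Aug 30 09:52:30.101000 2022] [ssl:emerg] [pid 4720:tid 140673883045568] AH02565: Certificate and private key abc.abc:12389:0 from /conf/certificate/abc.abc.pem and /conf/certificate/private/abc.abc.key do not match
AH00016: Configuration Failed
[Tue Aug 30 09:52:31.000000 2022] [mpm_event:notice] [pid 4730:tid 1] AH00489: Apache/2.4 configured -- resuming normal operations
"""


@dataclass(frozen=True)
class CertKeyMismatch:
    timestamp: str
    pid: int
    vhost: str       # host:port:index as mod_ssl logs it, e.g. "abc.abc:12389:0"
    cert_path: str
    key_path: str


# mod_ssl emits AH02565 when the certificate's public key does not correspond to the
# private key, and AH00016 when the whole server configuration is rejected as a result.
MISMATCH_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[ssl:emerg\] \[pid (?P<pid>\d+)(?::tid \d+)?\] "
    r"AH02565: Certificate and private key (?P<vhost>\S+) from (?P<cert>\S+) "
    r"and (?P<key>\S+) do not match$"
)
CONFIG_FAILED_RE = re.compile(r"\bAH00016: Configuration Failed\b")


def find_cert_key_mismatches(log_text: str) -> List[CertKeyMismatch]:
    """Return one record per AH02565 line, in log order."""
    found: List[CertKeyMismatch] = []
    for line in log_text.splitlines():
        m = MISMATCH_RE.match(line.strip())
        if m:
            found.append(CertKeyMismatch(
                timestamp=m.group("ts"),
                pid=int(m.group("pid")),
                vhost=m.group("vhost"),
                cert_path=m.group("cert"),
                key_path=m.group("key"),
            ))
    return found


def count_config_failures(log_text: str) -> int:
    """Number of AH00016 lines, i.e. how many times the proxy refused to start."""
    return sum(1 for line in log_text.splitlines() if CONFIG_FAILED_RE.search(line))


def summarize(log_text: str) -> Dict[str, object]:
    """Collapse repeated identical mismatches into one entry with an occurrence count."""
    mismatches = find_cert_key_mismatches(log_text)
    per_pair = Counter((m.vhost, m.cert_path, m.key_path) for m in mismatches)
    failures = count_config_failures(log_text)
    return {
        "proxy_config_rejected": failures > 0,
        "config_failure_count": failures,
        "broken_pairs": [
            {"vhost": v, "cert": c, "key": k, "occurrences": n}
            for (v, c, k), n in sorted(per_pair.items())
        ],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    if report["proxy_config_rejected"]:
        print("reverse proxy configuration is being rejected; every WAF rule is affected")
    for pair in report["broken_pairs"]:
        print(f"  {pair['vhost']}: {pair['cert']} / {pair['key']} ({pair['occurrences']}x)")
```

Because the rejection repeats on every restart attempt, a single AH00016 is enough to alert on; the per-pair summary tells you which certificate to re-upload. Before uploading a pair in the first place, the same mismatch can be caught offline by comparing the public key extracted from the certificate (`openssl x509 -noout -pubkey -in cert.pem`) with the one derived from the key (`openssl pkey -pubout -in key.pem`); if the two outputs differ, mod_ssl will reject the pair exactly as in the log above.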